CISM stands for "Certified Information Security Manager" and it's a prestigious training course and certification by ISACA that teaches IT Professionals how to assess risks, implement effective governance and proactively respond to incidents.

This ISACA CISM course provides training on data breaches, ransomware attacks and other constantly evolving security threats are top-of-mind for today’s IT professionals.

Where is this course available?

This course is available In-Person in Doha, Qatar, Dubai, Abu Dhabi in UAE & Riyadh in Saudi Arabia, Muscat in Oman and Amman in Jordan as well as being available Online Worldwide.

How do I become a CISM?

There are five requirements you must satisfy to get a CISM certification:

1. Pass the CISM exam

The first step to getting a CISM certification is passing an exam that consists of the following topics:

• Information security incident management

• Information security program development and management

• Information risk management

• Information security governance

The exam is multiple choice, consisting of 150 questions. Applicants have four hours to complete it. If CISM candidates do not meet the rest of the requirements, then their test score is voided.

2. Adhere to the code of professional ethics

The second step to obtaining a CISM certification is to agree to the “Code of Professional Ethics.” ISACA set forth this ethics code to guide the professional and personal conduct of CISM certification holders. 

The code of ethics requires CISM holders to maintain ISACA’s standards and maintain proficiency in the information systems field.

3. Complete continuing education

The third step to achieving certification is to follow a strict continuing education policy set forth by ISACA. You are required to complete a minimum of 20 hours of continuing professional education annually and a minimum of 120 hours of CPE within a three-year period. The main objective of this continuing education policy is to ensure that you maintain an adequate level of current knowledge and proficiency in information security.

4. Complete work experience

The fourth step to getting your CISM certification is submitting evidence verified by your employer of a minimum of five years of information security work experience.

Additionally, these five years must include at least three years of information security management work experience in three or more job practice analysis areas, which include information security governance, information risk management, information security program development, and management and information security incident management.

The work experience must be gained within five years from the day you passed the exam.Because you need five years of work experience while also meeting this certification requirement in less than five years, you will need to begin working in the information security field before you pass your CISM exam.

ISACA does allow for work experience substitutions in which you can substitute one or two years of information security work experience with the following:

• Two years substituted if you are a CISA (Certified Information Systems Auditor)

• Two years substituted if you are a CISSP (Certified Information Systems Security Professional)

• Two years substituted if you have a post-graduate degree in information security or a related field

• One year substituted for 12 months of information systems management experience

• One year substituted for 12 months of general security management experience

• One year substituted for every skill-based security certification you hold (GIAC, MCSE, CBCP)

• One year substituted for the completion of an information security management program at an institution aligned with the model curriculum

Even if you substituted all five years with a combination of some of these work experience substitutions, you still must have three years of work experience in an information security management position.

5. Submit an application for CISM certification

Once you have passed the exam, agreed to the ethics code, paid your recurring annual fee, followed the continuing education policy and maintained the required work experience, you can submit an application for the CISM certification. Once ISACA confirms your information, you are awarded the CISM certification and designation.

Prerequisites

Eligibility to sit for the CISM exam requires a minimum of five years' experience in the field of information security. Out of these five years, three must encompass work across at least three different job practice areas, with no less than a year of experience in each area.

The relevant job practice areas are as follows:

• Information Security Management

• Information Risk Management

• Information Security Program Development

• Information Security Governance

However, certain qualifications can decrease the required amount of work experience. For instance, possessing a CISA certification can shorten this requirement by two years, while each additional skill-based security certification, such as CBCP or GIAC, can reduce the requirement by one year.

It is not necessary to hold a degree to gain this certification.